Master Admin Guide (NGIT staff only)

The master admin lives at https://apps.ngit.com.au/admin. Gated by Cloudflare Access (M365 SSO via ngwebit.cloudflareaccess.com). Password fallback at ?direct=true.

Tabs

Active Clubs

Lists every approved club. Click Configure to expand a panel with:

• Custom domain: the hostname for this club's roster. Empty = uses default apps.ngit.com.au/<slug>. See Custom Domains for setup.
• Advanced → Provision a new module hostname: registers an additional hostname as a Worker custom domain. Only needed when adding a second app to a club's existing infrastructure.
• Admin Users: magic-link login allow-list for this club. Add new admins by email; removing instantly revokes access.

Per-row buttons:

• Configure (sliders icon) - opens the expander above
• Open roster (external link) - opens the public roster
• Open Admin (gear) - opens this club's admin panel using your master password (auto-login via sessionStorage)
• Clear all (counter-clockwise) - wipes all rounds/shifts/slots, keeps the account
• Delete club (trash) - permanent deletion, requires typing the club name

Pending

New club signups awaiting approval. Each card shows the slug, contact name, sending domain, and submitted timestamp. Two buttons:

• Approve: opens a modal asking you to set the initial admin password and (optional) a welcome note. On confirm, the club row is created, the contact email is added to club_admins, and an approval email is sent.
• Reject: opens a modal asking for a reason. The applicant gets that reason in a rejection email; the signup row is marked rejected.

All Signups

Read-only history of every signup (pending, approved, and rejected). Useful for audit and "did this club ever apply?" lookups.

System

System Email Settings: the from-address and friendly name used for all system-level emails (signup notifications, magic-link logins, step-up codes for clubs that haven't configured their own sender). Default: rosters@ngit.com.au. Click "Send Test" to verify deliverability.

Database Backups: weekly full-DB SQL dumps land in the canteen-roster-backups R2 bucket every Sunday at 02:00 AEST. Click "Run backup now" to trigger one on demand. Click "Show recent" to list the last few R2 objects.

Approving a new club walkthrough

1. Pending tab → click Approve on the card.
2. Set an initial admin password (something memorable like ClubName2026!). The applicant changes this on first login.
3. (Optional) write a welcome note. It goes in the body of the approval email.
4. Click Approve & Create Club. Within a second, the club is created and the email is sent.
5. Switch to Active Clubs, find the new entry, click Configure, and confirm the custom domain (if any) is set.
6. Email the applicant separately to walk them through the Quick Start if they're not technical.

Adding a custom domain to an existing club

1. Customer adds a CNAME at their DNS provider pointing apps.theirclub.com.au (or whatever) to apps.ngit.com.au. Wait 2-5 minutes for propagation.
2. Configure → Custom domain: paste the hostname. Click Save.
3. Worker calls Cloudflare API to register the binding and provisions SSL (~30 seconds).
4. Test in a browser: https://apps.theirclub.com.au/admin should load their branded admin login.

Adding admin users to a club

1. Configure → Admin Users.
2. Type the email + name. Click Add admin.
3. The new admin can immediately request a magic link from /admin.
4. To revoke: click the trash icon next to their entry. Their existing session is invalidated on the next request.

Running a backup on demand

1. System → Database Backups.
2. Click Run backup now. Takes 5-15 seconds (depending on DB size).
3. The result panel shows the R2 key (e.g. backups/2026-04-19/full.sql) and byte size.
4. To download: use wrangler r2 object get canteen-roster-backups/<key> --file=local.sql or the Cloudflare R2 dashboard.
5. To restore: wrangler d1 execute canteen-roster --remote --file=local.sql against a fresh D1 database.

Step-up bypass

Master admins (sessions where email='master' or the request used X-Master-Password) skip the step-up email-code flow on destructive endpoints. Don't rely on this in regular operation; the typed-name confirmation is the floor.

Test sandbox

There's a permanent test club called test-ngit ("Test NGIT Club") for safe destructive QA. Admin email: nick@ngit.com.au. Use it freely; no live volunteers.

The automated e2e test suite (npm run test:e2e) runs against this club only. See the main repo README for details.